Revision as of 17:04, 16 September 2010

Objectives

Identify the most complicated sql injections which are beyond the scope of any automated tool?

Identify and Extract sensitive data from back-end database?

Privilege Escalation within the database and extracting data with database admin privilege?

OS code execution on these database server and use this as a pivot to attack internal network?

Description

This is a full day hands on training course which will typically target penetration testers, security auditors/administrators and even web developers to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications. This vulnerability could typically result in 3 scenarios:

Authentication Bypass

Extraction of arbitrary sensitive data from the database

Access and compromise of the internal network.

To identify the true impact of this vulnerability it is essential that the vulnerability gets exploited to the full extent. While there is a reasonably good awareness when it comes to identify this problem, there are still a lot of grey areas when it comes to exploitation or even identifying complex vulnerabilities like a 2nd order injections. This training will target 3 databases (MS-SQL, Mysql, Oracle) and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following:

Identify the most complicated sql injections which are beyond the scope of any automated tool?

Identify and Extract sensitive data from back-end database?

Privilege Escalation within the database and extracting data with database admin privilege?

OS code execution on these database server and use this as a pivot to attack internal network?

Instructor

Instructor: Sumit Siddharth Sumit "sid" Siddharth works as a Principal Security Consultant (Penetration Tester) for 7Safe Limited in the UK. He specializes in the application and database security and has more than 5 years of pentesting. Sid has authored a number of whitepapers and tools. He has been a speaker at many security conferences including Blackhat, Defcon, Troopers, OWASP Appsec, Sec-T etc. He also runs the popular IT security blog: www.notsosecure.com